Enterasys Networks N Standalone (NSA) Series Switch User Manual


 
Security Configuration Command Set
Configuring RFC 3580
14-20 Matrix NSA Series Configuration Guide
14.3.3 Configuring RFC 3580
About RFC 3580
RFC 3580 provides suggestions on how 802.1X Authenticators should leverage RADIUS as the
backend AAA infrastructure. RFC 3580 is divided into several major sections: RADIUS
Accounting, RADIUS Authentication, RC4 EAPOL-Key-Frame Discussions, and Security
Considerations.
Upon detection, End-Points (PCs, IP Phones, etc.) may be interrogated by
the AAA clients for credentials, which may then be used to authenticate the user and
determine the services which should be provided (authorization). During the exchange with
the AAA server, the AAA client will present information describing the End-Point and
itself. The AAA server will then describe the level of service which should be provided.
This may include authentication success, session duration, and class-of-service to be
provided.
Enterasys Networks Layer 2 switches utilize two specific attributes to implement the
provisioning of service in response to a successful authentication:
• A proprietary Filter-ID, which describes a Policy Profile to be applied to the user. (See Section 14.1.1, “RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment,” on page 14-3.)
• The VLAN-Tunnel-Attribute, which defines the base VLAN-ID to be applied to the user (or possibly mapped to an Enterasys Policy Profile).
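The following Python sketch is an added example, not code from this manual or from Enterasys. It shows how the VLAN assignment described above appears on the wire: RFC 3580 carries it as three RADIUS attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID), and an authenticator should accept the VLAN only when all three are present and consistent. The helper names and the sample Filter-Id string are constructed for illustration; the Filter-Id is returned as-is because its Enterasys format is described in Section 14.1.1, not here.

```python
FILTER_ID, TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 11, 64, 65, 81
TT_VLAN, TM_802 = 13, 6  # Tunnel-Type=VLAN, Tunnel-Medium-Type=802 (RFC 3580)


def attr(atype, value):
    """Encode one RADIUS attribute (type, length, value)."""
    return bytes([atype, len(value) + 2]) + value


def parse_attrs(buf):
    """Split a RADIUS attribute area into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2 or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % i)
        attrs.append((buf[i], buf[i + 2:i + buf[i + 1]]))
        i += buf[i + 1]
    return attrs


def tagged_int(value):
    """Tunnel-Type / Tunnel-Medium-Type: one tag octet, then a 3-octet integer."""
    if len(value) != 4:
        raise ValueError("tagged integer must be 4 octets")
    return int.from_bytes(value[1:], "big")


def vlan_authorization(buf):
    """Return (vlan_id or None, filter_id or None); VLAN only if the triple is valid."""
    a = {}
    for atype, value in parse_attrs(buf):
        a.setdefault(atype, value)  # simplification: first instance of each type
    filter_id = a[FILTER_ID].decode("ascii", "replace") if FILTER_ID in a else None
    if not all(k in a for k in (TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID)):
        return None, filter_id
    if tagged_int(a[TUNNEL_TYPE]) != TT_VLAN or tagged_int(a[TUNNEL_MEDIUM]) != TM_802:
        return None, filter_id
    pgid = a[TUNNEL_PGID]
    if pgid and pgid[0] <= 0x1F:  # leading octet is a tag, not part of the string
        pgid = pgid[1:]
    text = pgid.decode("ascii", "replace")
    if not text.isdigit() or not 1 <= int(text) <= 4094:
        return None, filter_id  # reject non-numeric or out-of-range VLAN IDs
    return int(text), filter_id


# Constructed sample: attribute area of an Access-Accept assigning VLAN 120.
SAMPLE = (attr(FILTER_ID, b"example-policy") + attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d")
          + attr(TUNNEL_MEDIUM, b"\x00\x00\x00\x06") + attr(TUNNEL_PGID, b"\x00120"))
print(vlan_authorization(SAMPLE))  # (120, 'example-policy')
```
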
Purpose
To review and configure RFC 3580 support.
Commands
The commands needed to configure RFC 3580 are listed below and described in the associated
section as shown:
• show vlanauthorization (Section 14.3.3.1)
• set vlanauthorization (Section 14.3.3.2)
• clear vlanauthorization (Section 14.3.3.3)